Home

Description

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

PUBLISHED Reserved 2025-08-18 | Published 2025-08-20 | Updated 2025-08-20 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status
unaffected

* before 125.10
affected

Credits

Patrick Webster (aushack) finder

References

raw.githubusercontent.com/...ttp/contentkeeper_fileaccess.rb exploit

www.exploit-db.com/exploits/16923 exploit

www.aushack.com/200904-contentkeeper.txt technical-description

web.archive.org/...00325220542/http://www.contentkeeper.com/ product

www.vulncheck.com/...nce-arbitrary-file-access-via-mimencode third-party-advisory

cve.org (CVE-2009-10005)

nvd.nist.gov (CVE-2009-10005)

Download JSON